March 13, 2013

Microsoft has issued a fix for MS13-027, a Windows vulnerability that allows hackers to get into a computer with a USB stick and assume administrative privileges.

Essentially, the update is a fix for vulnerabilities that may require physical access, but not a valid logon session.

To exploit the now fixed flaw, hackers could simply have added a maliciously formatted USB device to the computer’s system.

“When the Windows USB device drivers enumerate the device, parsing a specially crafted descriptor, the attacker could cause the system to execute malicious code in the context of the Windows kernel,” reads a March 12 Microsoft blog post. “Because the vulnerability is triggered during device enumeration, no user intervention is required. In fact, the vulnerability can be triggered when the workstation is locked or when no user is logged in, making this an un-authenticated elevation of privilege for an attacker with casual physical access to the machine.”

In addition to the MS13-027 patch, Microsoft has also issued an additional six patches, four of which have been categorized as critical. Critical vulnerabilities are those which could allow a hacker to remotely infect a PC with malware by convincing the user to click on a malicious link.

The fix for Internet Explorer is for all versions from IE6 to IE10 for XP, Windows 8 and RT, while the fix for Microsoft’s Silverlight is for both Windows and Mac OS X.

The third critical patch is to fix a flaw in Microsoft’s Office Filter Pack while the fourth corrects Microsoft’s Sharepoint.

The other three patches, which includes MS13-027, are rated as important, meaning there is less of a threat than those with a critical rating.

Google Grabs Canadian Neural Networks Start-Up

Google has snapped up a “ground-breaking” neural networks start-up launched out of the University of Toronto.

Google purchased DNNresearch Inc. for an undisclosed sum in a bid to get its hands on the startup’s research on neural networks as well as the talent behind the business.

DNNresearch Inc. was launched last year by department of computer science professor Geoffrey Hinton and two of his graduate students, Alex Krizhevsky and Ilya Sutskever. Hinton is world-renowned for his work with neural nets.

Recently, Krizhevsky and Sutskever — who both will move to Google’s headquarters in Mountain View, CA — developed a system that dramatically improved the state-of-the-art in object recognition.

The acquisition will allow Google to move past conventional search algorithms to better identify content such as images, voice and text. According to a statement from the University of Toronto, Hinton’s research has profound implications for areas such as speech recognition, computer vision and language understanding.

“I am extremely excited about this fantastic opportunity to keep my research here in Toronto and, at the same time, help Google apply new developments in deep learning to make systems that help people,” Hinton said.

Hinton will spend time at Google’s Toronto office and several months of the year at Google’s headquarters in California.

The acquisition comes on the heels of a $600,000 donation from Google to Hinton’s research group to support further work in the area of neural nets.

Google Making Version of Glass for Prescription Wearers

Google Glass will be fashioning a version of its computerized spectacles for prescription glass wearers, the Internet company said in a blog post.

“The Glass design is modular, so you will be able to add frames and lenses that match your prescription,” the post reads. “We understand how important this is and we’ve been working hard on it.”

Google is “still perfecting the design” for the prescription frames which means the model won’t be ready for the Explorer Edition’s release, but will make an appearance later this year.

The search engine company’s research team is continually working on new ideas for the device — a pair of titanium-framed glasses that is to display information much like a tablet does. It will connect to the Internet with a voice command as well as perform a number of other functions.

Google officially unveiled the glasses during its I/O conference last summer.